4 FM quick reads on security
1. Define Network Responsibilities to Defuse IT-Security Tension
Defining network responsibilities is a critical part of IT-security convergence, but it can sometimes lead to tension.
The crossover between departments and the potential sticking points certainly apply to surveillance, which is one area of security that is seeing a definite trend of convergence. Even a few years ago, closed-circuit TV systems ran on their own network — almost always managed by security — and video was stored on VCRs or DVRs. Now, Internet Protocol (IP)-based cameras record video to dedicated servers, often over the main building network; these systems tend to be more complex than previous systems due to the additional pieces involved, and often they fall under the umbrella of IT.
IP-based cameras offer a number of advantages, but remember that if you have an outdoor security camera plugged into the network, it's a potential access point if the network isn't properly secured. It could also be a potential point of failure due to a lightning strike.
The good news is that it's easy to fix by setting up the network to lock out the port if the camera is disconnected, but it's also the type of thing that could fall through the cracks if the responsibilities aren't examined closely enough when it's time for the division of labor.
There are other basic considerations as well. Consider wiring and cabling. Who runs the network cable for a new, IP-based surveillance system? The same department or contractor who handles running the power to a new access-control compatible door? If so, you have to know if they are qualified to run network cable. Simply making sure that IT is kept in the loop on who's doing what and why they're qualified to do it can prevent a lot of headaches. Another area requiring attention is how the systems are powered and what systems can stay up and running during a power outage. If there's an hour of battery life, that's fine for computers used by employees. But the security system needs to be powered beyond that so you still have surveillance, access control and monitoring capabilities. An hour of battery life is fine for orderly shutdown for data users, but not for security and other systems (such as fire/life safety) that are on those networks. They have to stay up continually.
3. Test New, Existing Systems To Ensure Working Access Control
When installing new access control hardware and software, testing it with existing doors and hardware is crucial to ensuring all systems are working properly.
While facility managers would not knowingly choose access control hardware and software that don't work well together, this can be the result if they don't take the time to review the systems, and test them together.
For example, consider what happens if the mechanical hardware on a door doesn't align with the electronic access control system. Once the door is mechanically locked, even a properly functioning access control system won't be able to open it.
Sometimes facility managers retain a key cylinder on a door with an electronic card reader. This allows an individual to bypass the card reading system with a key, thus destroying the audit system.
Of course, a facility still needs a backup system in case the card system fails. One way to handle this, yet not make it easy for individuals to bypass the system, is by installing new key cylinders when a new card system is implemented.
Then, the new keys should be given only to the individuals that truly need them. This provides redundancy, without potentially undermining the electronic access system.
Another mistake is failing to include all the components required to create a solid access control system. For instance, installing card access technology alone on a door creates an electronic locking system, but won't let you know if the door has been forced or propped open. That requires a door monitoring sensor.
Another area to watch is the interface between the access control system and the corporate network. Many access control systems rely on a company's network to transmit data. Some access control systems may not work effectively with the corporate network, or may strain network capacity, making data transmission more difficult.
4. Assess Future Needs When Putting In New Access Control
Facility managers charged with implementing a new access control system will want to do all they can to avoid mistakes.
Of course, that's true of any implementation. However, mistakes can be particularly troubling with access control systems because they're so visible. The implemented system needs to secure the building, yet still allow occupants to move about as needed.
When replacing an older system with an updated one, it becomes tempting to simply remove the current system and replace it with newer devices, retaining the same general configuration. While that might suffice, it also means foregoing the opportunity to re-assess a facility's security needs, as well missing out on the features that might not have been possible even a few years ago, says Harold Gillens, president of Quintech Security Consultants.
He provides an example: Some of today's systems can link a facility's security cameras to the floor plan. That can be valuable if, for instance, emergency responders need to track a dangerous individual as he or she moves within a facility.
Another mistake is overlooking the benefits of technology that works with both the existing components of a system and new technology as it emerges, says Frank Pisciotta, president of Business Protection Specialists. That is, a new system that can read both existing and new access cards eliminates the need to "re-badge" all employees. "It's not that much different in costs, but it provides tremendous flexibility" when migrating to the newer credentials, he says.
Remember that access cards are evolving, from bar code and magnetic stripe technology to smart cards and, in some cases, near-field communication. So a facility manager considering an upgrade will want to install a reader that works with new technology as it emerges, Pisciotta says.